This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits (hd) : 6hd-4hd-4hd-4hd-12hd If the HMAC key has been changed to look differently, this module wont find the key because it tries to download the file and then uses a specific regex to find the key.
b1c7d62902e4bda90669843700bef91f0006f013f404b5ebf2f2d9ae7a80eaf5An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top of the OpManager application. This vulnerability affects OpManager versions 12.1 through 12.5.328.
a64897f563277f473cabf805ba128ebed5a9f941959e6b9130ab7f541f5a6e50OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities.
64ac41f600218c8a53f85f7edaf868fd9208d415671cac26f51f2f16940095bbMoodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
e1192dea24bdf40a1f2a57e173fb3e080e8f325080cbf19e225ef91eda41a138
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed